views:

732

answers:

3

Hi, I am trying to manually implement a login system in ASP.NET 3.5. Basically, on load, I would like the site to check and see if user object is active, if not, than I want the login page to appear.

After user has logged in successfully, I would like the user to be able to access the same page he has requested originally.

for example:

  1. user request to: MyPage.aspx - not logged in
  2. login page appears instead of MyPage.aspx
  3. user logs in successfully
  4. MyPage.aspx appears instead of Default.aspx for example

Peering at the System.Net namespace, I see that there is an "HttpWebRequest Class" which has a "HttpWebRequest.AllowAutoRedirect Property" but am unsure how that would get me back from the login page.

NOTE: I know there are automatic authentication systems setup in ASP.NET, but I would like to have manual control over the database.

-- Tomek

+1  A: 

Just save the originally requested url in Session or a hidden field on the login page
After successful login, use Server.Transfer or Response.Redirect to jump to that page.

Peter Hahndorf
Good point. Thanks... btw... GREAT pics of your travels on your site! I stole a couple of the mountainous regions from Peru as personal background images. Hope you don't mind.
Tomaszewski
+1  A: 

What you could do, if you don't want to actually use the built in Forms Authentcation is:

Check if the user is authenticated on each page you want to hide from anonymous users. If they are not authenticated, redirect them to your login page with the URL in the query string.

if(!HttpContext.Current.User.Identity.IsAuthenticated) {
    Response.Redirect(~/login.aspx?redirect=this_page.aspx");
}

Then on your login page, after a user logs in. Check the query string to see if there is a redirect parameter.

if(!String.IsNullorEmpty(Request.QueryString["redirect"]) {
  string url = ResolveClientURL(redirect);
  Response.Redirect(url);
}

Of course this is all built into .NET using Authentication, where you can deny anonymous access to certain directories, and when you do that, .NET will redirect to your login page (which is set in the web.config) and will include a "ReturnURL=blahblah" on your login page.

Just an FYI.

Jack Marchetti
JackM, thanks. I am about to try this out. Do I have to have the Web.Config file set to any type of Authentication level other than "None"?
Tomaszewski
How are you going to handle authentication? In .NET, you do this by calling FormsAuthentication.SetAuthCookie().
Jack Marchetti
I was going to handle it using the Session object and a custom User object that would have a var set to true if login compared true via the db.
Tomaszewski
A: 

It looks like another method is described here. It seems that you can use the following object to return from the login page:

FormsAuthentication.RedirectFromLoginPage

Yet, according to the article, the better method is to use what JackM described, but with an overload:

Response.Redirect("~/default.aspx", false);

In doing so, you prevent the Session from ending when the page is redirected.

Tomaszewski